[OTR-dev] pidgin-otr: mode 600 instead of 644
Ian Goldberg
ian at cypherpunks.ca
Tue Jun 17 11:49:01 EDT 2008
On Tue, Jun 17, 2008 at 02:17:14PM +0200, Caspar Clemens Mierau wrote:
> Hi,
>
> after reading
>
> https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/156204
>
> I checked the .purple/otr.* files created by pidgin-otr. They have a
> mode 644 which is at least for otr.private_key a security issue and
> breaks the design of .purple which actually makes files 0600.
>
> I wrote a small six line patch and successfully applied and tested it.
> Would you please check it and consider applying it to your upstream
> code?
>
> Patch is attached.
Thanks! My only concern is what happens when you try to build the
Windows version of pidgin-otr with this patch. I suppose we could wrap
it in a HAVE_UMASK or something? My Win32 cross-compilation environment
isn't with me right now, but I'll check it later on.
- Ian
More information about the OTR-dev
mailing list